I located intruder, Now what?



Old Clunker
11-25-2001, 03:08 PM
Hello All, 'nother Newbie here.

Using ZoneAlarm freebie, IE, OE, Yahoo and Hotmail on substantial Me system and DSL.

Just found net-Tools and easily identified the intruder. The intruder appears to be my service provider Verizon.net (GTE.net).

They use various addresses but all start out as 4.6*.*.* and various ports. They have hit on about every port on my machine.

The report shown by Net-Tools whois shows: "SmartWhois tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net (4.6*.56.248)"

Also shown is the e-mail address of a person which appears to be the same one each time.

I installed ZA yesterday and already have 50+ hits. I am receiving mail and newsgroup entries just fine on all accounts and even the transfers to OE are working great.

Tell me: Do I contact the e-mail address? Does any part of the "SmartWhois tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net (4.6*.56.248)" indicate a web page?

Not new to computing at all but this Sneaky Pete thing is a bit different for me.

Thank you for listening and will be very appreciative of any advice/guidance.

Thanx

Clunk

DATA
11-26-2001, 08:28 AM
hi,
Tell me: Do I contact the e-mail address? Does any part of the "SmartWhois tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net (4.6*.56.248)" indicate a web page

re: It doesn't indicate a web page. Try mailing. How r u sure it is an attack? Right to port scan is a universal rite - lol

Blacksheep
11-26-2001, 06:16 PM
Howdy Old Clunker:

"Hello All, 'nother Newbie here."

We were all newbies once.;-)

"Using ZoneAlarm freebie, IE, OE, Yahoo and Hotmail on substantial Me system and DSL.

Just found net-Tools and easily identified the intruder. The intruder appears to be my service provider Verizon.net (GTE.net).

They use various addresses but all start out as 4.6*.*.* and various ports. They have hit on about every port on my machine."

4.6*.*.* covers a lot of territory. Unlikely all hits were from your service provider (ISP). Probably some hits from other ********s of your ISP.

"The report shown by Net-Tools whois shows: "SmartWhois tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net (4.6*.56.248)""

For more specific info run domain name tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net thru this: http://www.geektools.com/cgi-bin/proxy.cgi

"Also shown is the e-mail address of a person which appears to be the same one each time.

I installed ZA yesterday and already have 50+ hits."

DSL and cable connected comps are prime targets for hackers/crackers/script kiddies because of high bandwidth and usually static IPs. A good firewall is a must.

"I am receiving mail and newsgroup entries just fine on all accounts and even the transfers to OE are working great."

So, what's OE?

"Tell me: Do I contact the e-mail address?"

Probably a waste of time. For first time firewall users this is fun: http://www.neotrace.com/

"Does any part of the "SmartWhois tamqfl*-ar7-4-6*-056-248.vz.dsl.gtei.net (4.6*.56.248)" indicate a web page?"

No.

"Not new to computing at all but this Sneaky Pete thing is a bit different for me."

Was for me too. Spies, evil doers everywhere. "Ignorance is bliss.";-)

"Thank you for listening and will be very appreciative of any advice/guidance."

Good luck on your Internet privacy/security adventure.;-)

Old Clunker
11-27-2001, 10:48 PM
Thanks, Blacksheep, you have set my concerns on hold. Actually by now I have contacted my esteemed server and they have acknowledged that contact and all is well in the world. Hmmmm, well, in their world I guess.

Scary, eh?

But if you ain't worried, I guess I can follow that lead.

Take care

Clunk

Blacksheep
11-28-2001, 12:28 AM
Clunk:

"Thanks, Blacksheep, you have set my concerns on hold."

I certainly didn't intend to do that. If you want to protect your computer and everything in it, vigilance and knowledge of Internet privacy/security issues are keys.

"Actually by now I have contacted my esteemed server and they have acknowledged that contact and all is well in the world. Hmmmm, well, in their world I guess.

Scary, eh?"

Rather worrisome and irritating, like footsteps behind you in a dark alley and rocks in your shoes.

"But if you ain't worried, I guess I can follow that lead."

I wasn't worried when I was unaware of port scans, NetBIOS connections, viruses, backdoors, trojans, spyware, Web bugs, cookie *****ing, remote controls etc. That's what I meant by "Ignorance is bliss".

If you don't know about grc http://grc.com/default.htm click Shields Up!!, test your shields and probe your ports (*2 of 65,5*5)

e-Meow
12-04-2001, 07:56 AM
What you saw is not an intrusion. Your machine was not intruded. You're seeing a lot of incoming port scans. In my experience, it's the script kiddies from your ISP doing local scans. I suggest you send all logs to abuse@yourisp.net.
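
The distinction drawn in the post above (blocked port scans versus an actual intrusion) can be checked from the firewall log itself. The following is an added example, not part of the original thread: it groups inbound log entries by source, flags sources that probed many ports with everything blocked, and builds the summary lines one would attach to a mail to the ISP's abuse address. The CSV layout, the addresses, the function names and the five-port threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a made-up CSV layout; this is NOT ZoneAlarm's log format.
# Addresses are from the reserved documentation ranges.
SAMPLE_LOG = """\
timestamp,action,src_ip,dst_port
2001-11-24T10:01:02,BLOCK,192.0.2.10,21
2001-11-24T10:01:02,BLOCK,192.0.2.10,23
2001-11-24T10:01:03,BLOCK,192.0.2.10,80
2001-11-24T10:01:03,BLOCK,192.0.2.10,139
2001-11-24T10:01:04,BLOCK,192.0.2.10,445
2001-11-24T10:01:04,BLOCK,192.0.2.10,1080
2001-11-24T11:30:00,BLOCK,198.51.100.7,139
2001-11-24T12:45:10,BLOCK,198.51.100.7,139
2001-11-24T13:00:00,ALLOW,203.0.113.5,80
"""

def summarize(log_text, scan_ports=5):
    """Classify each source: probes to many ports, stray hits, or traffic that got in."""
    per_src = defaultdict(lambda: {"ports": set(), "blocked": 0, "allowed": 0,
                                   "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(log_text)):
        s, ts = per_src[row["src_ip"]], row["timestamp"]
        s["ports"].add(int(row["dst_port"]))
        s["blocked" if row["action"] == "BLOCK" else "allowed"] += 1
        s["first"] = min(s["first"] or ts, ts)  # ISO timestamps sort as strings
        s["last"] = max(s["last"] or ts, ts)
    for s in per_src.values():
        if s["allowed"]:
            s["verdict"] = "review"            # something was let through
        elif len(s["ports"]) >= scan_ports:    # assumed threshold, tune to taste
            s["verdict"] = "port-scan"         # one source, many ports, all blocked
        else:
            s["verdict"] = "background-noise"
    return dict(per_src)

def abuse_report(summary):
    """One line per scanning source, suitable for pasting into a mail to the ISP."""
    return "\n".join(
        f"{src}: {s['blocked']} blocked probes to {len(s['ports'])} ports, "
        f"{s['first']} to {s['last']}"
        for src, s in sorted(summary.items()) if s["verdict"] == "port-scan")

if __name__ == "__main__":
    print(abuse_report(summarize(SAMPLE_LOG)))
```

Only a source marked "review" had traffic accepted by the firewall, so that is the entry worth investigating; the "port-scan" lines are what belongs in an abuse report.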

Unregistered
08-13-2004, 02:45 AM
Originally posted by Old Clunker
Thanks, Blacksheep, you have set my concerns on hold. Actually by now I have contacted my esteemed server and they have acknowledged that contact and all is well in the world. Hmmmm, well, in their world I guess.

Scary, eh?

But if you ain't worried, I guess I can follow that lead.

Take care

Clunk